GDPR Is Just About Marketing Data Isn't It?
Published on: 3rd April 2018
By PYXI GDPR Team
One of the comments that has cropped up quite a few times now in conversation with small business owners is that GDPR is just for managing marketing and mailing lists... NEWSFLASH! No it's much, much bigger than that!
Most people we speak to now have heard of GDPR and the big scary stories like Facebook's data issues or Talk Talk's latest fines, and most of them have had to consent to new privacy policies on social media and other services as a result of the GDPR legislation. In recent weeks though, several of them have said to us that "MailChimp (or a.n.other email-marketing app) is GDPR compliant, so we're covered, right?" And so we've had to gently explain that actually the GDPR covers ALL the personal data that they hold, from partners, colleagues, suppliers, networks, clients AND the people on their marketing lists. Suddenly the penny drops and the realisation of the huge mental shift required by GDPR hits them.
So while marketing lists (email or print) are easily understood as a key focus of GDPR, we also need to think about ALL the other people whose details we use and store in our data world too. GDPR encourages us to think clearly about WHY we have their data, WHETHER we should keep it (and if so, for how long), HOW we store it and WHO has access or shares responsibility for securing it against breach and damage. It also asks us to be clear about whether we HAVE PERMISSION to have the data in the first place.
Working from this wider perspective creates a useful opportunity to think about your business as a whole, and tighten up your data "universe", as well as identifying security improvements and building in best practice data management to your business operations.
PYXI GDPR Team: 3rd Apr 2018 14:59:00
Subscribe to our
Weekly GDPR Newsletter.
It's full of really useful updates
for UK small businesses.
Enforcement Notice For Not Responding To A Subject Access Request
Ainsworth Lord Estates Limited has been served an enforcement notice for not responding to a Subject Access Request. A Lancashire-based business, Ainsworth Lord Estates Limited, has been served an Enforcement Notice by the Information Commissioner... click to read more